CVE-2002-0001 - Vulnerability Details - OpenCVE

Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mutt	Mutt
Redhat	Linux

Configuration 1 [-]

OR	cpe:2.3:a:mutt:mutt::::::::
	cpe:2.3:a:mutt:mutt::::::::

Package	CPE	Advisory	Released Date
Red Hat Linux 6.2
	cpe:/o:redhat:linux:6.2	RHSA-2002:003	2002-01-07T00:00:00Z
Red Hat Linux 7.0
	cpe:/o:redhat:linux:7.0	RHSA-2002:003	2002-01-07T00:00:00Z
Red Hat Linux 7.0j
	cpe:/o:redhat:linux:7.0j	RHSA-2002:003	2002-01-07T00:00:00Z
Red Hat Linux 7.1
	cpe:/o:redhat:linux:7.1	RHSA-2002:003	2002-01-07T00:00:00Z
Red Hat Linux 7.2
	cpe:/o:redhat:linux:7.2	RHSA-2002:003	2002-01-07T00:00:00Z

References

Link	Providers
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449
http://marc.info/?l=bugtraq&m=100994648918287&w=2
http://online.securityfocus.com/advisories/3778
http://www.debian.org/security/2002/dsa-096
http://www.iss.net/security_center/static/7759.php
http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html
http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html
http://www.redhat.com/support/errata/RHSA-2002-003.html
http://www.securityfocus.com/bid/3774
https://nvd.nist.gov/vuln/detail/CVE-2002-0001
https://www.cve.org/CVERecord?id=CVE-2002-0001

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-01-03T05:00:00

Updated: 2024-08-08T02:35:17.475Z

Reserved: 2002-01-01T00:00:00

Link: CVE-2002-0001

Vulnrichment

No data.

NVD

Status : Modified

Published: 2002-02-27T05:00:00.000

Modified: 2024-11-20T23:38:03.860

Link: CVE-2002-0001

Redhat

Severity :

Publid Date: 2002-01-01T00:00:00Z

Links: CVE-2002-0001 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-01-01T00:00:00", "descriptions": [{"lang": "en", "value": "Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "HPSBTL0201-011", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://online.securityfocus.com/advisories/3778"}, {"name": "FreeBSD-SA-02:04", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc"}, {"name": "DSA-096", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2002/dsa-096"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html"}, {"name": "CLA-2002:449", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449"}, {"name": "mutt-address-handling-bo(7759)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/7759.php"}, {"name": "3774", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/3774"}, {"name": "CSSA-2002-002.0", "tags": ["vendor-advisory", "x_refsource_CALDERA"], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt"}, {"name": "SuSE-SA:2002:001", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html"}, {"name": "20020101 [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=100994648918287&w=2"}, {"name": "RHSA-2002:003", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-003.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0001", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "HPSBTL0201-011", "refsource": "HP", "url": "http://online.securityfocus.com/advisories/3778"}, {"name": "FreeBSD-SA-02:04", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc"}, {"name": "DSA-096", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-096"}, {"name": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html", "refsource": "CONFIRM", "url": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html"}, {"name": "CLA-2002:449", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449"}, {"name": "mutt-address-handling-bo(7759)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7759.php"}, {"name": "3774", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3774"}, {"name": "CSSA-2002-002.0", "refsource": "CALDERA", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt"}, {"name": "SuSE-SA:2002:001", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html"}, {"name": "20020101 [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=100994648918287&w=2"}, {"name": "RHSA-2002:003", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-003.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:35:17.475Z"}, "title": "CVE Program Container", "references": [{"name": "HPSBTL0201-011", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://online.securityfocus.com/advisories/3778"}, {"name": "FreeBSD-SA-02:04", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc"}, {"name": "DSA-096", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2002/dsa-096"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html"}, {"name": "CLA-2002:449", "tags": ["vendor-advisory", "x_refsource_CONECTIVA", "x_transferred"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449"}, {"name": "mutt-address-handling-bo(7759)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/7759.php"}, {"name": "3774", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/3774"}, {"name": "CSSA-2002-002.0", "tags": ["vendor-advisory", "x_refsource_CALDERA", "x_transferred"], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt"}, {"name": "SuSE-SA:2002:001", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html"}, {"name": "20020101 [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released.", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=100994648918287&w=2"}, {"name": "RHSA-2002:003", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2002-003.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0001", "datePublished": "2002-01-03T05:00:00", "dateReserved": "2002-01-01T00:00:00", "dateUpdated": "2024-08-08T02:35:17.475Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "matchCriteriaId": "7335B1D2-823F-404D-B6C8-7E789B20D4BD", "versionEndIncluding": "1.2.5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mutt:mutt:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CEA8211-EF60-4538-A263-289B7EEEF230", "versionEndIncluding": "1.3.25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list."}, {"lang": "es", "value": "Vulnerabilidad en el analizador de direcciones RFC822 de mutt (versiones 1.2.5.1 y anteriores y 1.3.x hasta la 1.3.35), permite que atacantes remotos puedan ejecutar comandos arbitrarios por medio de un comentario o frase mal terminado en la lista de direcciones."}], "id": "CVE-2002-0001", "lastModified": "2024-11-20T23:38:03.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-02-27T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt"}, {"source": "cve@mitre.org", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc"}, {"source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=100994648918287&w=2"}, {"source": "cve@mitre.org", "url": "http://online.securityfocus.com/advisories/3778"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.debian.org/security/2002/dsa-096"}, {"source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/7759.php"}, {"source": "cve@mitre.org", "url": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.redhat.com/support/errata/RHSA-2002-003.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/3774"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-002.0.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:04.mutt.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000449"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=100994648918287&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/advisories/3778"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.debian.org/security/2002/dsa-096"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/7759.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2002_001_mutt_txt.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.redhat.com/support/errata/RHSA-2002-003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/3774"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}